Section - HTTP Parameter Pollution Detection - Mixed Types

This feature prevents HTTP parameter pollution attempts using duplicate parameters with the same name but different types. The following parameter types are distinguished:

  • Query parameters
  • Path parameters. A path segment is interpreted as a parameter if it is of the form "name=value;".
  • Additional query parameters for encrypted URLs.
  • POST parameters

Block duplicate parameters

If enabled, requests are blocked if they contain the same parameter names with different parameter types. For example, a request is blocked if a parameter "id" is present as a POST parameter and as a query parameter simultaneously.

Log only

If enabled, threat handling for duplicate parameters is set to log only instead of blocking.

Parameter name exception pattern

Use the exception pattern to exclude parameters from the parameter pollution detection.